package i4;

import d4.w2;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import m4.c;

/* compiled from: AbstractCBLTrustManager.java */
/* loaded from: classes.dex */
public abstract class a implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    private final X509Certificate f12545a;

    /* renamed from: b, reason: collision with root package name */
    private final boolean f12546b;

    /* renamed from: c, reason: collision with root package name */
    private final c.a<List<Certificate>> f12547c;

    /* renamed from: d, reason: collision with root package name */
    private final AtomicReference<X509TrustManager> f12548d = new AtomicReference<>();

    public a(X509Certificate x509Certificate, boolean z10, c.a<List<Certificate>> aVar) {
        this.f12545a = x509Certificate;
        this.f12546b = z10;
        this.f12547c = aVar;
    }

    private boolean d(X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
        } catch (GeneralSecurityException unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final List<X509Certificate> a(X509Certificate[] x509CertificateArr) {
        return x509CertificateArr == null ? Collections.emptyList() : Arrays.asList(x509CertificateArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void b(List<X509Certificate> list, String str) throws CertificateException {
        w2 w2Var = w2.NETWORK;
        Object[] objArr = new Object[2];
        int i10 = 0;
        objArr[0] = Integer.valueOf(list == null ? 0 : list.size());
        objArr[1] = str;
        l4.a.d(w2Var, "CBL trust check: %d, %s", objArr);
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException("No server certificates");
        }
        if (m4.j.b(str)) {
            throw new IllegalArgumentException("Empty auth type");
        }
        X509Certificate x509Certificate = list.get(0);
        x509Certificate.checkValidity();
        if (this.f12545a == null) {
            if (list.size() != 1 || !d(x509Certificate)) {
                throw new CertificateException("Server did not present the expected single, self-signed certificate");
            }
        } else {
            while (!this.f12545a.equals(x509Certificate)) {
                i10++;
                if (i10 >= list.size()) {
                    throw new CertificateException("The pinned certificate did not match any certificate in the server chain");
                }
                x509Certificate = list.get(i10);
                x509Certificate.checkValidity();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final X509TrustManager c() {
        X509TrustManager x509TrustManager = this.f12548d.get();
        if (x509TrustManager != null) {
            return x509TrustManager;
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            int length = trustManagers.length;
            int i10 = 0;
            while (true) {
                if (i10 >= length) {
                    break;
                }
                TrustManager trustManager = trustManagers[i10];
                if (trustManager instanceof X509TrustManager) {
                    x509TrustManager = (X509TrustManager) trustManager;
                    break;
                }
                i10++;
            }
            if (x509TrustManager == null) {
                throw new UnsupportedOperationException("Cannot find an X509TrustManager");
            }
            com.couchbase.lite.internal.k.a(this.f12548d, null, x509TrustManager);
            return this.f12548d.get();
        } catch (KeyStoreException | NoSuchAlgorithmException e10) {
            throw new UnsupportedOperationException("Cannot find the default trust manager", e10);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        throw new UnsupportedOperationException("checkClientTrusted(X509Certificate[], String) not supported for client");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        List<X509Certificate> a10 = a(x509CertificateArr);
        e(a10);
        if (f()) {
            b(a10, str);
            return;
        }
        w2 w2Var = w2.NETWORK;
        Object[] objArr = new Object[2];
        objArr[0] = Integer.valueOf(x509CertificateArr == null ? 0 : x509CertificateArr.length);
        objArr[1] = str;
        l4.a.d(w2Var, "Default trust check: %d, %s", objArr);
        c().checkServerTrusted(x509CertificateArr, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void e(List<X509Certificate> list) {
        this.f12547c.accept(Collections.unmodifiableList(list));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean f() {
        return this.f12546b || this.f12545a != null;
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return f() ? new X509Certificate[0] : c().getAcceptedIssuers();
    }
}
